Remote attestation of untrusted devices is gaining increasing popularity. For example, one side, such as a virtual private network client on a trusted device, proves that it is running in a secure environment to another side, such as a virtual private network server within the premises of a company network or the like. This may be achieved by recording the corresponding hardware environment, boot sequence or the like. The record is then sent to a third party to attest that the status of all hardware and software is secure, i.e. that no malicious modification or the like is present. The data exchange may be protected by a trusted platform module, which is in charge of the cryptographic operations that ensure the correctness and integrity of the exchanged data.
To establish such a static root of trust and/or dynamic root of trust, it was proposed to attest that an untrusted environment can provide some security guarantees and/or to create a trusted sub-environment within an untrusted computing environment. However, this is only applicable to static computing environments. To extend the application/operation of trusted computing to mobile computing environments, it was proposed to embed trusted platform module chips within the mobile devices and to establish a root of trust within the mobile device itself, for example as described in the non-patent literature "Bootstrapping Trust in Commodity Computers" by B. Parno, J. M. McCune and A. Perrig, IEEE S&P 2010, "OSLO: Improving the security of Trusted Computing" by Bernhard Kauer, the Trusted Computing Group (http://www.trustedcomputinggroup.org), or the IBM 4758 Basic Services Manual (http://www-03.ibm.com/security/cryptocards/pdfs/IBM_4758_Basic_Services_Manual_Release_2_54.pdf).
However, one of the drawbacks is that additional space for such a trusted platform module is required within the mobile device, which makes the mobile device more expensive.
Further, it was proposed, for example as described in the non-patent literature of Kalman, G., Noll, J., UniK, K.: "SIM as secure key storage in communication networks", International Conference on Wireless and Mobile Communications (ICWMC) (2007), of Noll, J., Lopez Calvet, J. C., Myksvoll, K.: "Admittance services through mobile phone short messages", International Multi-Conference on Computing in the Global Information Technology, pp. 77-82, IEEE Computer Society, Washington, D.C., USA (2006), or of Mantoro, T., Milisic, A.: "Smart card authentication for Internet applications using NFC enabled phone", International Conference on Information and Communication Technology for the Muslim World (ICT4M) (2010), to embed secret keys within the mobile phone SIM card as a means to authenticate a mobile device to external entities and/or to bootstrap a trusted computing base in the mobile device itself. However, one of the drawbacks here is that SIM cards cannot fully mimic the functionality of existing trusted platform modules. In particular, they do not support restricted operations on the platform configuration registers and can be cloned. A further disadvantage is that, due to weaknesses in their key generation algorithms, their keys might also be found by brute-force search.
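The measured-boot record and third-party attestation described in the first paragraph, and the restricted (extend-only) platform configuration register operation that a TPM provides, as an added illustration that is not part of this document. The boot log, the attestation key and the nonce are constructed sample values; a keyed MAC stands in for the asymmetric signature a real TPM would put on a quote.

```python
import hashlib
import hmac

# Constructed sample measurement log for a boot sequence (not from the document):
# each stage is hashed before it is executed and its digest is recorded.
BOOT_LOG = [
    ("bootloader", hashlib.sha256(b"bootloader-image-v1").hexdigest()),
    ("kernel", hashlib.sha256(b"kernel-image-v1").hexdigest()),
    ("initrd", hashlib.sha256(b"initrd-image-v1").hexdigest()),
]

# Hypothetical attestation key known to the verifier. A real TPM signs quotes
# with an asymmetric attestation key; the shape of the check below is the same.
ATTESTATION_KEY = b"constructed-demo-key"


def extend(pcr: bytes, digest_hex: str) -> bytes:
    """TPM-style restricted PCR update: PCR_new = H(PCR_old || measurement).
    A register can only be extended, never set, so a later stage cannot
    hide an earlier measurement by overwriting the register."""
    return hashlib.sha256(pcr + bytes.fromhex(digest_hex)).digest()


def replay_log(log) -> bytes:
    """Recompute the final PCR value from the recorded boot sequence."""
    pcr = bytes(32)  # PCRs start at all zeros after reset
    for _, digest_hex in log:
        pcr = extend(pcr, digest_hex)
    return pcr


def make_quote(pcr: bytes, nonce: bytes) -> bytes:
    """Device side: bind the PCR value to the verifier's fresh nonce."""
    return hmac.new(ATTESTATION_KEY, pcr + nonce, hashlib.sha256).digest()


def verify_attestation(log, quote: bytes, nonce: bytes, golden_pcr: bytes) -> bool:
    """Verifier side: replay the log, check that the quote is authentic and
    fresh, then compare the replayed PCR with the known-good value."""
    pcr = replay_log(log)
    if not hmac.compare_digest(make_quote(pcr, nonce), quote):
        return False  # log disagrees with the quoted PCR, or the nonce was replayed
    return hmac.compare_digest(pcr, golden_pcr)


if __name__ == "__main__":
    golden = replay_log(BOOT_LOG)      # provisioned from a known-good device
    nonce = b"verifier-nonce-0001"     # constructed; must be fresh per attestation
    q = make_quote(replay_log(BOOT_LOG), nonce)
    print("good boot:", verify_attestation(BOOT_LOG, q, nonce, golden))
    tampered = [BOOT_LOG[0], ("kernel", hashlib.sha256(b"modified-kernel").hexdigest()), BOOT_LOG[2]]
    print("modified kernel:", verify_attestation(tampered, q, nonce, golden))
```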